Disclaimer: This blog article was written by an AdvancedMD partner. The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of AdvancedMD.
PIH Health in California was hit with a ransomware attack which severely impacted its computer and telephone systems. The attack forced the hospital to activate their downtime contingency plan, which are the procedures followed to maintain the ability to provide patient care in the event of a computer outage. This typically involves going back to recording patient information on paper for later entry into the computer systems when they are back online.
It is important to note that going back to paper can result in additional workload for staff and delays and inconveniences for patients. But what if there was not a downtime contingency plan in place?
Imagine if your systems went down, how would you continue to function during the time your computers are not available.
- Do you have a plan in place?
- Have you tested the plan to make sure it will work when needed?
- What paper forms might you need to best record information from patient encounters during this down time?
- Are the forms optimized to allow your staff to be as effective as possible in both providing and documenting patient care?
- Are the forms optimized to allow your billing team to review the records so that you are reimbursed for the services you provide during the downtime?
Computer downtime can present challenges in terms of providing quality care, and it also presents challenges in terms of finances for your practice. Having a downtime contingency plan and TESTING it is vital to get through events of this nature with minimum disruption to your practice.
In this instance the attack on PIH Health also impacted their phone systems. Luckily not all facilities associated with the health care system had phone disruptions and they were able to re-route calls. This event and the ability of PIH Health to mitigate the impact of the phone system outage reminds us that our downtime contingency plan must also include plans on what to do if we lose access to our practice telephone system.
When you develop and review the plans for your practice you should have separate downtime plans for each system in your practice including your EHR, billing, and phone. What about other vital devices and equipment at your practice including your autoclave and digital imaging systems?
When we learn about events of this nature happening to somebody else it is a good time to look at what we are doing and evaluate how we might respond if that happened to us. Have you identified all vital systems for your practice and do you have contingency plans for each system? Downtime contingency planning for systems that involve patient information is a vital part of your HIPAA risk mitigation strategy. Being prepared for disasters involves much more than protecting your data; it involves protecting your patients and your practice as well.
If you need assistance with developing your downtime contingency plans or any other aspects of HIPAA compliance, please contact TLD Systems at:
https://www.tldsystems.com
phone: (631) 403 6687
email: [email protected]